(54) Provision of secure access for telecommunications system



(57) A gateway server (7) giving access from a terminal (2) to a telecommunications network (10), is controlled by the user making a first telecommunications call, in which a pseudo-random number generated by a token 1 is transmitted for storage in a database (6) together with the identity of the calling terminal (2). A second call is then made from the same terminal (2) to establish connection with the gateway (7), the calling terminal's identity being used to retrieve the pseudo-random code stored in the database (6) for comparison with access security data generated by the gateway (7). This allows password protected access for terminals (2) not equipped for the generation of passwords as part of the log-on process.




[Figure 3: drawing not reproduced; legible label "Access Control"]



EP1 119 147 A1 






Description 

[0001] This invention relates to the provision of secure access for telecommunications systems, and in particular to the provision of secure access to the "Internet" or similar distributed or other computer networks using dial-in telecommunications links. Provision of secure access is necessary to prevent abuses by unauthorised users, for example by gaining access to private data such as that available on private "Intranets", or getting free use of the authorised user's account.
[0002] It is common practice to provide secure access to systems by requiring the user to enter a security code (Personal Identity Number or "PIN") known only to the authorised user. However, such codes are vulnerable to interception when they are transmitted during the log-on process. They must also be easy to remember by the user, so they have to be relatively simple.
[0003] Some systems make use of single-use access codes generated by a pseudo-random process and displayed on a "token" carried by the user. The token is a small independent device, which runs a pseudo-random, time-based algorithm which causes a pseudo-random numerical password to be displayed on a screen. As part of the log-on process to be performed when a user wishes to make connection to the network, he reads the code displayed on the token's display and transmits it to the network as plain text once initial connection is made to the network, but before the user is assigned an IP address and an actual connection. This operation is synchronised with an access control server at the network end, which performs the same algorithm. The codes have to match for network authentication to be allowed. If the code transmitted by the user is intercepted, it cannot be misused on subsequent occasions as it changes frequently (typically after a few minutes).
[0004] In order to prevent misuse of stolen or mislaid tokens, it is usual for both a PIN and a token code to be required for successful connection to the network.
[0005] This procedure requires the user terminal to be configured to interrupt the log-in process by prompting the user to enter the access code and to abort the log-in process if the correct code is not transmitted. Although typical general-purpose desktop and laptop computers can be configured to do this, the process is cumbersome, and inconvenient if the terminal is only likely to be used for secure access occasionally. Moreover, some devices and systems currently on the market, such as "WAP" (Wireless Application Protocol) telephones, have the login process, including the user identification, permanently programmed into their operating systems, and do not have the capability to interrupt the network connection process to provide the required authentication codes. WAP phones establish an Internet Protocol session and then pass WTP (WAP Transport Protocol) signalling over this connection to connect to the WAP server. The phones operate as a normal anonymous internet connection and do not have the ability to allow the user to enter the variable code after dialling, and therefore cannot be used to allow secure network login. Such telephones can, of course, also be used to make ordinary telephone calls over the public switched telephone network (PSTN), and can transmit DTMF (dual tone multi-frequency) signals like a conventional telephone.

[0006] According to the invention there is provided an access control system for controlling a gateway server giving access from a terminal to a telecommunications network, comprising:

access means for receiving telecommunications calls of a first type,

storage means for storing data received over telecommunications calls of the first type and data identifying the terminal from which each such call is made,

and access control means for receiving telecommunications calls of a second type and being responsive to data identifying the terminal from which such calls are made to retrieve from the storage means data stored therein corresponding to a call of the first type originating from the same terminal, and being arranged to control the gateway server according to the data so retrieved.

[0007] According to another aspect, there is provided a method of controlling a gateway server giving access from a terminal to a telecommunications network, wherein: on receipt of a telecommunications call of a first type, data received over the telecommunications call is stored together with data identifying the terminal from which the call is made, and on receipt of a telecommunications call of a second type, the terminal from which the call is made is identified, and data previously received over a telecommunications call of the first type from the same terminal is retrieved, the data so retrieved being used to control the gateway server.
[0008] Preferably, the access control means generates a pseudo-random sequence for comparison with sequences received over telecommunications calls of the first type. The storage means may be arranged to store sequences received over the telecommunications calls of the first type, the access control means having means for generating the pseudo-random sequence in response to receipt of the second telecommunications call and comparing it with the sequence stored in the storage means. Alternatively, the access control means may have means for generating the pseudo-random sequence in response to receipt of telecommunications calls of the first type, comparing the pseudo-random sequence with a sequence received over the first telecommunications call, the storage means being arranged to store comparison data indicative of the result of said comparison, the access control means being arranged to retrieve said comparison data in response to receipt of a telecommunications call of the second type from the respective terminal.

[0009] This invention overcomes the limitations of telephone apparatus not configured or equipped for transmission of such codes by using an initial PSTN connection to transfer the required information to the network using DTMF tones, and then placing these in the network authentication stream at the appropriate place.
[0010] An embodiment of the invention will now be discussed by way of example, with reference to the drawings, which illustrate the various elements which cooperate to perform the invention. In the drawings:

Figure 1 illustrates the prior art system

Figure 2 is a flow chart illustrating the operation of the prior art system

Figure 3 illustrates a system according to the invention

Figure 4 is a flow chart illustrating the processes taking place in a first method of operation of this embodiment

Figure 5 is a flow chart illustrating an alternative method of operation of the invention.

[0011] As shown in Figure 1, there is provided the user's code generation token 1, a computer and associated modem 2a, which is connected through the telephone network 3, (which network includes a Calling Line Identity generation unit 4, although this is not used by the prior art system) to a dial-in gateway server 7 giving access to a data network 10, and an access control server 9 associated with the gateway server 7.
[0012] As shown in Figure 2, the prior art system operates as follows:

[0013] When the user connects his terminal 2a to the dial-in gateway 7 using the telephone network 3 (step 25), the login process is interrupted by a screen prompt 21, requiring the user to read the code currently displayed by the token 1 (step 22) and transmit that code and his PIN to the gateway server 7, which passes it on to the access control server 9 (step 28). The access control server 9 runs the pseudo-random code generation process to generate an access code for comparison with that received from the user. If the code is correct an authorisation is generated (step 29) allowing the gateway 7 to make the connection between the user terminal 2a and the data network 10. If the code is incorrect a retry prompt or other error message is transmitted back to the user terminal 2a. Thus access is only possible for a user who is in possession of the token and also knows the user's PIN.

[0014] If a connection is attempted later than a predetermined time after the initial transmission of the code word, the connection is not enabled. The access control unit 7 typically only has a limited time window (2 or 3 minutes) for which any given access code is valid. If an old code is transmitted then access is denied as the access code received from the user (step 28) does not correspond with that generated by the access control server 9.

[0015] In the system of the invention, shown in Figure 3, the gateway server 7 is associated with a dial-in access server 5 having an access database 6, and a data retrieval unit 8. The user is shown as using a WAP-compatible telephone 2 not having the ability to interrupt the login process in the way required by the prior art system.
[0016] As shown in Figure 4, the invention operates as follows:

[0017] The user first uses the telephone 2 to dial in to the access server 5 over the PSTN network 3 (steps 40,41). The Calling Line Identity facility 4 in the network generates a signal identifying the telephone 2 which is read by the access server 5. The user now reads the pseudo-random number currently displayed by the token 1 (step 42), and transmits this and his authorisation code (PIN), using DTMF tones, to the access server 5 (step 43). The pseudo-random number and the PIN confirm the identity of the user. The access server 5 records the caller's calling line identity (CLI), the two codes transmitted by the user, and the time, in a database 6 (step 44).

[0018] The user now drops the first call and connects to the dial-in gateway 7 using the same telephone 2 (step 45). The gateway 7 then records the CLI generated by the CLI generation unit 4 and passes this to the data retrieval unit 8 (step 46), which uses the CLI to retrieve the information held with the CLI in the database 6 (step 47). This data is then returned to the access control server 9 (step 48). The access control server 9 now has all the information required to enable a login authentication to be performed. The access control server 9 operates in the same way as for a normal access-controlled login, running the pseudo-random code generation process to generate an access code for comparison with that received from the user. If the code is correct an authorisation is generated (step 49) allowing the gateway 7 to make the connection between the user terminal 2 and the data network 10. If the code is incorrect a retry prompt or other error message is transmitted back to the user terminal 2. Thus access is only possible for a user who is in possession of the token and also knows the user's PIN.

[0019] If a connection is attempted more than a predetermined time after the initial transmission of the code word, the connection is not enabled. The access control server 9 typically only has a limited time window (2 to 3 minutes) for which any given access code is valid. If the second call 45 falls outside this time window then access is denied as the access codes read from the database 4 and the access control unit 7 do not correspond, and the user must try again, up to a predetermined maximum number of attempts.

[0020] An alternative process is shown in Figure 5, in which steps similar to those in the process of Figure 4 are identified by having the same final digit. The initial code capture (steps 50, 51, 52, 53) is carried out as before, but the access control server 9 then receives the CLI, PIN and code number from the access server 5 (step 58) and performs the validation process before the second connection (55,56) is made, storing the authorisation code (59) in the store 6. The user connection decision performed by the access control server 9 can then be based solely on receipt of the appropriate CLI (step 56) by the retrieval unit 8, which then accesses the store 6 to identify whether the connection has been authorised, and returns an authorisation 59 if one has been stored for that CLI. This process simplifies the data stored in the database 6, awaiting the setting up of the second call 55 before retrieving it using a retrieval unit 8, and allows a faster set-up time, as the connection can be validated by the access control server 9 before the second call is initiated. However, it is less secure, as the connection becomes validated before a call attempt (55) is made to the gateway server 7, allowing greater opportunity for an unauthorised user to access the connection through the validated gateway.
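
The two call flows of Figures 4 and 5, as a runnable simulation added here (it is not part of the patent text). The HMAC-based token_code, the class and method names, the sample CLI, PIN and secret, the single-use consumption of a stored record and the max_age expiry are all assumptions made for illustration; the patent names no token algorithm and states no expiry for the stored authorisation.

```python
import hashlib
import hmac
import struct

WINDOW = 180  # seconds a token code stays valid (the text says 2 to 3 minutes)


def token_code(secret: bytes, t: float) -> str:
    """Assumed stand-in for the token's time-based algorithm (HMAC over the time step)."""
    digest = hmac.new(secret, struct.pack(">Q", int(t // WINDOW)), hashlib.sha1).digest()
    return f"{int.from_bytes(digest[:4], 'big') % 10**6:06d}"


class AccessControl:
    """Models access server 5, database 6, retrieval unit 8 and access control server 9."""

    def __init__(self, users):
        self.users = users  # CLI -> (PIN, token secret); constructed sample data
        self.db = {}        # database 6, keyed by calling line identity (CLI)

    def _valid(self, cli, pin, code, now):
        expected_pin, secret = self.users.get(cli, (None, None))
        return (secret is not None and hmac.compare_digest(pin, expected_pin)
                and hmac.compare_digest(code, token_code(secret, now)))

    # Figure 4: the first call only stores; the check runs when the second call arrives.
    def first_call_store(self, cli, pin, code, now):
        self.db[cli] = {"pin": pin, "code": code, "time": now}

    def second_call_validate(self, cli, now):
        rec = self.db.pop(cli, None)  # consume the record: one login per first call
        return rec is not None and self._valid(cli, rec["pin"], rec["code"], now)

    # Figure 5: the check runs during the first call; only the result is stored.
    def first_call_prevalidate(self, cli, pin, code, now):
        if self._valid(cli, pin, code, now):
            self.db[cli] = {"authorised": True, "time": now}

    def second_call_lookup(self, cli, now, max_age=None):
        rec = self.db.pop(cli, None)
        if rec is None or not rec.get("authorised"):
            return False
        # max_age is an assumed hardening; the text states no expiry for this record.
        return max_age is None or now - rec["time"] <= max_age


def run_scenarios():
    cli, pin, secret = "+440000000001", "4821", b"constructed-secret"
    t0 = 1000 * WINDOW + 10  # first call, early in a token time step
    results = {}
    for name, delay in (("prompt", 60), ("late", 400)):
        ac = AccessControl({cli: (pin, secret)})
        ac.first_call_store(cli, pin, token_code(secret, t0), t0)
        results[f"fig4_{name}"] = ac.second_call_validate(cli, t0 + delay)
        ac.first_call_prevalidate(cli, pin, token_code(secret, t0), t0)
        results[f"fig5_{name}"] = ac.second_call_lookup(cli, t0 + delay)
        ac.first_call_prevalidate(cli, pin, token_code(secret, t0), t0)
        results[f"fig5_{name}_expiring"] = ac.second_call_lookup(cli, t0 + delay, WINDOW)
    return results


if __name__ == "__main__":
    print(run_scenarios())
```

In the Figure 4 flow a late second call fails because the code is regenerated at that moment, while in the Figure 5 flow the stored authorisation admits a late call on the CLI alone unless the store enforces its own expiry.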



Claims 

1. An access control system for controlling a gateway server (7) giving access from a terminal (2) to a telecommunications network (10), comprising:

access means (5) for receiving telecommunications calls of a first type,
storage means (6) for storing data received over telecommunications calls of the first type and data identifying the terminal from which each such call is made,
and access control means (9) for receiving telecommunications calls of a second type and being responsive to data identifying the terminal from which such calls are made to retrieve from the storage means (6) data stored therein corresponding to a call of the first type originating from the same terminal, and being arranged to control the gateway server (7) according to the data so retrieved.

2. An access control system according to claim 1 wherein the access control means (9) generates a pseudo-random sequence for comparison with a sequence received over a telecommunications call of the first type.

3. An access control system according to claim 2 wherein the storage means (6) is arranged to store a sequence received over telecommunications call of the first type, and the access control means (9) having means for generating the pseudo-random sequence in response to receipt of a telecommunications call of the second type and comparing it with the sequence stored in the storage means.

4. An access control system according to claim 2, the access control means (9) having means for generating the pseudo-random sequence in response to receipt of a telecommunications call of the first type, comparing the pseudo-random sequence with a sequence received over the telecommunications call, and the storage means being arranged to store comparison data indicative of the result of said comparison, the access control means being arranged to retrieve said comparison data in response to receipt of a telecommunications call of the second type.

5. A method of controlling a gateway server (7) giving access from a terminal to a telecommunications network, wherein

on receipt of a telecommunications call of a first type, data received over the telecommunications call is stored together with data identifying the terminal from which the call is made,
on receipt of a telecommunications call of a second type, the terminal from which the call is made is identified, and data previously received over a telecommunications call of the first type from the same terminal is retrieved, the data so retrieved being used to control the gateway server.

6. A method according to claim 5 wherein pseudo-random sequences are generated for comparison with sequences received over telecommunications calls of the first type, the gateway server being controlled to permit access to the telecommunications network if the sequences agree for calls of the first type and the second type in respect of the same terminal.

7. A method according to claim 6 wherein the pseudo-random sequence is generated in response to receipt of a telecommunications call of the second type.

8. A method according to claim 6 in which the pseudo-random sequence is generated in response to receipt of a telecommunications call of the first type, the result of the comparison being stored for retrieval when a telecommunications call of the second type is received from the same terminal.







European Patent Office

EUROPEAN SEARCH REPORT

EP 00 30 0337

DOCUMENTS CONSIDERED TO BE RELEVANT

Category
Citation of document with indication, where appropriate
Relevant to claim
CLASSIFICATION OF THE APPLICATION (Int.Cl.7)

US 5 668 876 A (FALK JOHAN PER ET AL) 16 September 1997 (1997-09-16)
* column 1, line 66 - column 2, line 47 *
* column 2, line 66 - column 3, line 67 *
* column 4, line 46 - column 5, line 7 *
* column 5, line 22-28 *

1-6,8

H04L29/06

US 5 920 805 A (FOLADARE MARK JEFFREY ET AL) 6 July 1999 (1999-07-06)
* column 1, line 66 - column 2, line 19 *
* column 5, line 36 - column 6, line 17 *
* figures 2B,3 *

US 5 655 007 A (MCALLISTER ALEX) 5 August 1997 (1997-08-05)
* column 5, line 29-65 *
* claims 1-6 *

1,5
2-4,6-8
1-8

TECHNICAL FIELDS SEARCHED (Int.Cl.7)

H04L
G06F
H04Q
H04M

The present search report has been drawn up for all claims

Place of search: THE HAGUE
Date of completion of the search: 28 July 2000
Lazaro Lopez, M.L.

CATEGORY OF CITED DOCUMENTS

X : particularly relevant if taken alone
Y : particularly relevant if combined with another document of the same category
A : technological background
O : non-written disclosure
P : intermediate document

T : theory or principle underlying the invention
E : earlier patent document, but published on, or after the filing date
D : document cited in the application
L : document cited for other reasons

& : member of the same patent family, corresponding document



ANNEX TO THE EUROPEAN SEARCH REPORT
ON EUROPEAN PATENT APPLICATION NO. EP 00 30 0337

This annex lists the patent family members relating to the patent documents cited in the above-mentioned European search report.
The members are as contained in the European Patent Office EDP file on 28-07-2000.
The European Patent Office is in no way liable for these particulars which are merely given for the purpose of information.

Patent document          Publication    Patent family      Publication
cited in search report   date           member(s)          date

US 5668876 A             16-09-1997     AU 692881 B        18-06-1998
                                        AU 2688795 A       19-01-1996
                                        CA 2193819 A       04-01-1996
                                        EP 0766902 A       09-04-1997
                                        FI 965161 A        13-02-1997
                                        JP 10502195 T      24-02-1998
                                        WO 9600485 A       04-01-1996

US 5920805 A             06-07-1999     NONE

US 5655007 A             05-08-1997     US 5513250 A       30-04-1996

For more details about this annex: see Official Journal of the European Patent Office, No. 12/82